# # Cookbook:: kosmos_gitea # Recipe:: default # # The MIT License (MIT) # # Copyright:: 2020, Kosmos Developers # # Permission is hereby granted, free of charge, to any person obtaining a copy # of this software and associated documentation files (the "Software"), to deal # in the Software without restriction, including without limitation the rights # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell # copies of the Software, and to permit persons to whom the Software is # furnished to do so, subject to the following conditions: # # The above copyright notice and this permission notice shall be included in # all copies or substantial portions of the Software. # # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN # THE SOFTWARE. 
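# Installs Gitea as a systemd service running from a dedicated "git" account,
# renders its configuration from data bag credentials, and publishes it
# through an nginx virtual host with a certbot-managed certificate.
include_recipe "kosmos-nginx"

domain             = node["kosmos_gitea"]["nginx"]["domain"]
working_directory  = node["kosmos_gitea"]["working_directory"]
git_home_directory = "/home/git"
config_directory   = "/etc/gitea"
gitea_binary_path  = "/usr/local/bin/gitea"

# Secrets come from the "credentials" data bag.
# NOTE(review): confirm these items are stored as encrypted data bag items;
# this recipe does not show how they are protected at rest.
gitea_data_bag_item = data_bag_item("credentials", "gitea")
smtp_credentials    = data_bag_item("credentials", "smtp")
jwt_secret          = gitea_data_bag_item["jwt_secret"]
internal_token      = gitea_data_bag_item["internal_token"]
secret_key          = gitea_data_bag_item["secret_key"]

postgresql_primary_node = postgresql_primary
postgresql_server = postgresql_primary_node[:ipaddress]
# PostgreSQL is on the same server, connect through localhost
postgresql_server = "localhost" if postgresql_primary_node[:hostname] == node[:hostname]

# Dependency
package "git"

# Unprivileged account that owns the Gitea working and config directories.
user "git" do
  manage_home true
  # Reuse the variable that is also passed to the templates so the account's
  # home and the rendered configuration cannot drift apart.
  home git_home_directory
end

directory working_directory do
  owner "git"
  group "git"
  mode "0750"
end

%w(custom custom/options custom/options/label custom/templates custom/templates/custom).each do |path|
  directory "#{working_directory}/#{path}" do
    owner "git"
    group "git"
    mode "0750"
  end
end

# Kosmos label set
cookbook_file "#{working_directory}/custom/options/label/Kosmos" do
  source "custom/options/label/Kosmos"
  owner "git"
  group "git"
  mode "0640"
  notifies :restart, "service[gitea]", :delayed
end

# Kosmos header template
cookbook_file "#{working_directory}/custom/templates/custom/header.tmpl" do
  source "custom/templates/custom/header.tmpl"
  owner "git"
  group "git"
  mode "0640"
  notifies :restart, "service[gitea]", :delayed
end

directory config_directory do
  owner "git"
  group "git"
  mode "0750"
end

# Copy the self-signed root certificate to the system certificate store. Gitea
# will find it there automatically
postgresql_data_bag_item = data_bag_item('credentials', 'postgresql')
root_cert_path = "/etc/ssl/certs/root.kosmos.org.crt"
file root_cert_path do
  content postgresql_data_bag_item['ssl_root_cert']
  mode "0644"
end

# app.ini carries the JWT secret, internal token, secret key and the database
# and SMTP passwords, so it is readable by the git user/group only and marked
# sensitive to keep its rendered content out of the Chef run output.
template "#{config_directory}/app.ini" do
  source "app.ini.erb"
  owner "git"
  group "git"
  mode "0640"
  sensitive true
  variables working_directory: working_directory,
            git_home_directory: git_home_directory,
            config_directory: config_directory,
            gitea_binary_path: gitea_binary_path,
            jwt_secret: jwt_secret,
            internal_token: internal_token,
            secret_key: secret_key,
            postgresql_host: "#{postgresql_server}:5432",
            postgresql_password: gitea_data_bag_item["postgresql_password"],
            smtp_host: smtp_credentials["relayhost"],
            smtp_user: smtp_credentials["user_name"],
            smtp_password: smtp_credentials["password"]
  notifies :restart, "service[gitea]", :delayed
end

# The download is pinned to the SHA-256 checksum held in node attributes.
# NOTE(review): confirm binary_url is an https:// URL and that the checksum
# attribute is updated together with the URL on every version change.
remote_file gitea_binary_path do
  source node['kosmos_gitea']['binary_url']
  checksum node['kosmos_gitea']['binary_checksum']
  # Root-owned so the service account that runs the binary cannot replace it.
  owner "root"
  group "root"
  mode "0755"
  notifies :restart, "service[gitea]", :delayed
end

execute "systemctl daemon-reload" do
  action :nothing
end

template "/etc/systemd/system/gitea.service" do
  source "gitea.service.erb"
  # Unit files are interpreted by systemd as root; keep them root-owned and
  # not writable by anyone else.
  owner "root"
  group "root"
  mode "0644"
  variables working_directory: working_directory,
            git_home_directory: git_home_directory,
            config_directory: config_directory,
            gitea_binary_path: gitea_binary_path
  # Reload systemd right away. With a delayed reload, a restart queued earlier
  # in the run (config or binary change) would execute first and start the
  # service from the stale unit definition.
  notifies :run, "execute[systemctl daemon-reload]", :immediately
  # A changed unit only takes effect once the service is restarted.
  notifies :restart, "service[gitea]", :delayed
end

service "gitea" do
  action [:enable, :start]
end

# NOTE(review): the vhost file is owned by www-data, so the web server's
# worker account can rewrite it — confirm this matches the kosmos-nginx
# cookbook's conventions or switch the owner to root.
template "#{node['nginx']['dir']}/sites-available/#{domain}" do
  source "nginx_conf.erb"
  owner 'www-data'
  # Quoted like every other mode in this recipe; same permissions as 0640.
  mode "0640"
  variables server_name: domain,
            ssl_cert: "/etc/letsencrypt/live/#{domain}/fullchain.pem",
            ssl_key: "/etc/letsencrypt/live/#{domain}/privkey.pem",
            upstream_port: 3000
  notifies :reload, 'service[nginx]', :delayed
end

nginx_site domain do
  action :enable
end

nginx_certbot_site domain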